SharePoint Dragons

Nikander & Margriet on SharePoint

Getting the right set of permissions when creating a custom permission level in PowerShell

Despite all its power and flexibility, developing PowerShell scripts feels like a dev experience that could be had 15 years ago. Often, we find ourselves creating prototypes in VS.NET first, before diving into the murky waters of visual PowerShell editors. Having that off our chest, suppose you’re creating a PS script that creates a new SharePoint permission level. The code is not too hard, something like:

$CustomPermissions = New-Object Microsoft.SharePoint.SPRoleDefinition
$CustomPermissions.Name = “TheName”
$CustomPermissions.Description=”A Descr”
$CustomPermissions.BasePermissions=”ViewListItems, AddListItems, EditListItems, OpenItems, ViewVersions, ManagePersonalViews, ViewFormPages, Open, ViewPages, CreateSSCSite, etc., etc.”

Now, what’s the easiest way to get to the permission mask you want? We do this:

  1. Create it first via the SharePoint UI (Site Actions > Site Settings > Site Permissions > Permission Levels).
  2. Create a C# program in Visual Studio that loops thru all permission levels until you find the one you created.
  3. Add the object holding the permission level to the QuickWatch window.
  4. Open the XML property using the XML visualizer.
  5. Copy the value of the BasePermissions attribute and use that string value in your PS script.

The C# code (run from a C# Console Application) looks like this:

using (SPSite site = new SPSite(“http://moon”))
  using (var web = site.OpenWeb())
    foreach (SPRoleDefinition roleDef in web.RoleDefinitions)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: